Description

In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA. Let's make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack.

INFO

Published Date :

2024-07-29T15:04:16.733Z

Last Modified :

2025-12-20T08:51:35.858Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41079 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41079.

URL Resource
https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319 cve-icon cve-icon
https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d cve-icon cve-icon
https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2 cve-icon cve-icon
https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41079-09c3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-41079 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-41079 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact